Mozilla Firefox users need to update the browser immediately: CERT-in alerts
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory alerting Mozilla Firefox users about multiple vulnerabilities in the internet browser and has asked that they update it immediately.
The CERT-In advisory states that these browser vulnerabilities can be exploited by remote attackers to obtain sensitive information via the browser and execute arbitrary code on the targeted system.
CERT-In has rated the severity as 'High' on all Mozilla Firefox browsers prior to version 75 and Mozilla Firefox ESR prior to version 68.7 which have been affected. The advisory thus recommends that everyone update their browser to the latest version immediately.
"Out-of-Bounds Read Vulnerability in Mozilla Firefox ( CVE-2020-6821 ). This vulnerability exists in Mozilla Firefox due to a boundary condition when using WebGLcopyTexSubImage method. A remote attacker could exploit this vulnerability by specially crafted web pages.Successful exploitation of this vulnerability could allow a remote attacker to disclose sensitive information," the advisory said.
According to reports, another vulnerability exists in Mozilla Firefox due to a boundary condition in GMP Decode Data while processing images larger than 4GB on 32-bit builds. A remote attacker can exploit this vulnerability by specially crafted images and trick the victim into opening it. If this vulnerability is successfully exploited that could allow an attacker to "execute arbitrary code on the target system".
A remote attacker can also exploit another vulnerability by "persuading a victim to install a crafted extension. Successful exploitation of this vulnerability could allow a remote attacker to disclose sensitive information".
"Information Disclosure Vulnerability in Mozilla Firefox ( CVE-2020-6824). This vulnerability exists in Mozilla Firefox to generate a password for a site but leaves Firefox open.A remote attacker could exploit this vulnerability by revisiting the same site of the victim and generating a new password. The generated password will remain the same on the targeted system," the advisory added.
Other vulnerabilities include 'Buffer Overflow Vulnerability in Mozilla Firefox (CVE-2020-6825)' and 'Memory Corruption Vulnerability in Mozilla Firefox (CVE-2020-6826)'.